Analysis Overview
SHA256
38489bae8a9c1bfa391f1c71f3b132ffbea81a8c70189bbf0c842c49dff3fd48
Threat Level: Known bad
The file r2modman-3.1.45.exe was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-10 17:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-10 17:01
Reported
2023-12-10 17:04
Platform
win10v2004-20231127-en
Max time kernel
48s
Max time network
128s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\shell | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\shell\open | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2YdD7Ltj84yNaFA8WFnubPX89uo\\r2modman.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\URL Protocol | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\ = "URL:ror2mm" | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000_Classes\ror2mm\shell\open\command | C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\r2modman-3.1.45.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\r2modman-3.1.45.exe
"C:\Users\Admin\AppData\Local\Temp\r2modman-3.1.45.exe"
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
"C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe" --type=gpu-process --field-trial-handle=1632,6141870236675702293,1031113871089464971,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1680 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
"C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,6141870236675702293,1031113871089464971,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2060 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
"C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe" --type=renderer --field-trial-handle=1632,6141870236675702293,1031113871089464971,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\resources\app.asar" --node-integration --node-integration-in-worker --no-sandbox --no-zygote --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath"""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\Valve\Steam -Name "InstallPath""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.233.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| GB | 88.221.134.19:80 | tcp | |
| US | 8.8.8.8:53 | 19.134.221.88.in-addr.arpa | udp |
| GB | 88.221.134.19:80 | tcp | |
| GB | 88.221.134.19:80 | tcp | |
| GB | 88.221.134.19:80 | tcp | |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| GB | 88.221.134.19:80 | tcp | |
| GB | 88.221.134.19:80 | tcp | |
| GB | 88.221.134.19:80 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | thunderstore.io | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 104.26.14.244:443 | thunderstore.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 244.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gcdn.thunderstore.io | udp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| GB | 93.123.11.62:443 | gcdn.thunderstore.io | tcp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nstA912.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nstA912.tmp\nsis7z.dll
| MD5 | d24f19a26aed41c00d6abc30e6b7db25 |
| SHA1 | 33bb8e9882a2cd37bc8b64284e75472a1b97efc5 |
| SHA256 | c0bce23817ab3d39db8d475ed06dfe129534cb1dcd05a023c574eeb5fe7a8541 |
| SHA512 | 9ad71663a5117e6df1ed224c25279cce4edfe74a5b8a3bc40b40d56b3086eae1577c1af4ba6437e103aa07433f6434f1c53e69a88e843ea2814044ab7771324e |
C:\Users\Admin\AppData\Local\Temp\nstA912.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | fc8bf4600cf8a7e9f09bd6d1953aaeb3 |
| SHA1 | 4ff0d3db48c1ee38cd2508f82c6679be1e89f065 |
| SHA256 | 528e978b7720f2187c8f5d7c0b57918499a645b62341af2353c9a6f06b838ff0 |
| SHA512 | b0c27d450f86feecd2eec8ff28c77c5dcdc3385ddb84d27c24f112a3631dad6f1cba74cfa43f134ac282052148ef284e8220f9a58fe822caa0193ccb1905e263 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\ffmpeg.dll
| MD5 | 08648621846f1d2c07cdee18518bfe01 |
| SHA1 | 453dd125125951420fb6a88bf46e4639fca3abe3 |
| SHA256 | 626bc7036f8476c5a2710b6eb662051aae82ec22765e728d99bbc176e55e2637 |
| SHA512 | 9e4fce2e0c5990874078c66e67d32bdce249a66e2757f5f05580eefdfdb0c4ec5c04d5517d42ced46f89ec800111f393cff0edbfa502e5e424d0d504c62da676 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\ffmpeg.dll
| MD5 | 3e8711609c5e98d8c7b6737b9ba3a5d2 |
| SHA1 | db419f4df9acf6fba4b181623f372d2eda13f7b7 |
| SHA256 | 064cd738efe2f23ed1ee50bfc4a0ce8d838f80529dc0af776b767aa42a40091e |
| SHA512 | 026b24d722229573f2fc9d1a048b56c00584369f6a35290b2d64b795e31c6c86df0665a98fc9f4887adc1a84dec2bd001ae443dc3c87a5394f4f5b58dcba9f32 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\icudtl.dat
| MD5 | 319ca4f448b1cd597eeeaf31439c3b71 |
| SHA1 | bc853bd965d1b4989a49799bae7d26e2945662f6 |
| SHA256 | 3459e82cffba6f65c96e143f4b8ce95cf052869cc60415d53c368947fec2b88f |
| SHA512 | cd3a73ed67c453c696c110ad47bc5bf02f0dfc987dbb1c35bf06b1eb09f1a3d001e1e33a39730c99b0d7c843a4027c982bfd18f95f62ca0bf8d19eaaec3d48f7 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\v8_context_snapshot.bin
| MD5 | c2208c06c8ff81bca3c092cc42b8df1b |
| SHA1 | f7b9faa9ba0e72d062f68642a02cc8f3fed49910 |
| SHA256 | 4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3 |
| SHA512 | 6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\resources\app.asar
| MD5 | 3ce6376f93b0c8434df0b0ebef54dfa5 |
| SHA1 | 2088659c93a8ad20078a558348c1ad478eae26e4 |
| SHA256 | fd843482fadf40f88cd999fc8bd97f728859a5e6cbae5bea227f3ad2ad0f567a |
| SHA512 | 9c4fe2ee4a395623688b620b2e1d4825fa4c74388452aebf2ece2304a4310e1334e0058ed0f9a19b40723d372529c6110281b144deef9b342936fd864ad09a36 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | e0c9bd65a4a2b9e736a3d87850d3c7de |
| SHA1 | 0334597935579d4ce939ebdc5bb72bcac0209e04 |
| SHA256 | e260564e735d02d2dcb6e01f58490b9ef9843d6a0d44e7dfcdd0424bd379673e |
| SHA512 | c921b9768ace80148cd35e4b47bd489254217eddfa3595920c65daab7e673328f20b6046f81190ba4e95f235ef9f5a8412e7af4f51207819cb81d49797460e6a |
memory/3156-182-0x00007FFBA8690000-0x00007FFBA8691000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | d2b62e5cb7080d6bcc09cc37dc34ac30 |
| SHA1 | e28a05206bdd6eb9853489f5cb4c97c3ab2527e6 |
| SHA256 | 4192895649308a780e0fe8a746c98ac74444a5442f065b259e87025644250759 |
| SHA512 | 529d274b87b44f6c9fcb1d708947b99a4e99aa25bd158a00e99464b9b1523ac52b4762c77c1bcb1dc389cbbece4a0f1697c344faa8c59928073968129896b796 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\ffmpeg.dll
| MD5 | fb57296d5e43a49d847e14aeac802bda |
| SHA1 | cfaa3dc4484adcdeafa402329126ec1f18da60fc |
| SHA256 | 9b8d62a6217784417ec47af8b176e36211074751a572671a7d72cc3ce8e5e6cb |
| SHA512 | f3a63953979ba6e23cfb64a331f1cd343b548d08fa6bf2a2e8720160e89078865c994142b65c57c82c0a04103670f8b45ffac89deb46007c819f1a5c6e9d2156 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\ffmpeg.dll
| MD5 | 0435841bb76a3d5bfeb42e4f8d0d287b |
| SHA1 | 5a573fad97c7d5e552fd76844b22baacac6af51c |
| SHA256 | 2aebf91b66bde6f084a68cb91a1fad66d17277a7de891a8cbe7a7e37f1cd98b2 |
| SHA512 | c55af91016072bfcc30bc655ca05b0cbf02a4899b4cb78fc2abb8ea5118175b881bd8d2ff82f293607f5d299c1fef793f94a9aa14e483cebc43ade05dc79be63 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | c64fc7ff4af5a34d6af76d6e5c2b8ae0 |
| SHA1 | f4a1f493e7e6c4e257eb1347647ca932ebf232d3 |
| SHA256 | 26a17cd2f74e17c956ad4a01b85d23bc58f1c48f68809cfb91f209dc84040592 |
| SHA512 | 301edfacab97df8f62309f2d2c3ec0fe370e16f7c08c23d1817b944fa009757a565ffa5cd2db13095e98d935d32ad8c654554d64c46238e82677eaf930b3c8b1 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | 325a755b574aea3c677e497bf0bda03b |
| SHA1 | b4899f52b3fd4019c1819a38b44d225ea0893759 |
| SHA256 | 64633aac0b106e5e2e63146a599234ca3d7a8db7bbe792678059718a5ab065be |
| SHA512 | 64338fafb4239d07729ab52ec94d4ff388fb230bc12c8fb88df1bff4cd39fc6fa77222c9d6ac0d85b8ce7bcc09ff7809b713073f6f32be9fd29be2c401558ad3 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\resources.pak
| MD5 | adac63c4486d345500d7002cde393495 |
| SHA1 | 56b5bebbc4a01922965d109baf8dee89acaf1a82 |
| SHA256 | 9924147b7d85251ccb369257c4818e899e64d5bddc18e0e3d0886084f0d3a79b |
| SHA512 | 5b19cbd8694724251e92c7c77594ed2f96f5825b65fa328403e05263446e5dbab8bf64bbf76583ff34f4c9c5c4f3285257bbf0147e2dc300de5da6431202ed61 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\locales\en-US.pak
| MD5 | bd8f7b719110342b7cefb16ddd05ec55 |
| SHA1 | 82a79aeaa1dd4b1464b67053ba1766a4498c13e7 |
| SHA256 | d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de |
| SHA512 | 7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\chrome_100_percent.pak
| MD5 | 06baf0ad34e0231bd76651203dba8326 |
| SHA1 | a5f99ecdcc06dec9d7f9ce0a8c66e46969117391 |
| SHA256 | 5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189 |
| SHA512 | aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\chrome_200_percent.pak
| MD5 | 57c27201e7cd33471da7ec205fe9973c |
| SHA1 | a8e7bce09c4cbdae2797611b2be8aeb5491036f9 |
| SHA256 | dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b |
| SHA512 | 57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\D3DCompiler_47.dll
| MD5 | db2846a3c15493408231848a28b05c9c |
| SHA1 | 20fbdea52495e0f90245cc65a9e4f922717517e9 |
| SHA256 | 477df60f520cf821ffac5c7ffa464dd48bacff175702625da66d1fdbeec181bd |
| SHA512 | a81cf32243585dad8d54d5076bc2263ed80337620a3317b6c7f3b294d0fade090f984761f206a48e1be0ad9793f5948df149269d7a05e7791d87f007898e54e3 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\r2modman.exe
| MD5 | 940ce615a71d1a3efff604664d9a15e5 |
| SHA1 | 0729f0efd3adf698ba080d59d37a7c0b30110bc0 |
| SHA256 | 23eab7857e991246714643fb3e29716bfd82c432cfa6aeeeb2af76f5127f4b20 |
| SHA512 | 44d18ca38a8db417e986224cfa162aaffdfe0843327634c25b3b87495a4f6372fb56b451932636137d295f146a8c75f786c9519059c5aea60cac5931c3cf433a |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\ffmpeg.dll
| MD5 | e452570762764392792485e66b9b4d23 |
| SHA1 | 3ae1f49975dd33439b23139db3974f8443a8c2bf |
| SHA256 | 433fc1e401f46831f345fd2ee2b07f954b3225c56708e1b86209bc0a99d27932 |
| SHA512 | a64de3c0bf301d7533e431b2443d2d679a8f5153aceb676c05d297696e1f1bd869c09e36be9db97336d91b2d545c7d130e9977bce69acdec225b2d95071f68cc |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\d3dcompiler_47.dll
| MD5 | 0a5c1df636af6bba8be3dfbc39fcb44f |
| SHA1 | 05be5ec9972dc78250d9ab3c32cf792115ddd5ec |
| SHA256 | 42256804ce0f92280656de759ad24bf2c3646b2463ec19ea6f700dc12e37099a |
| SHA512 | 04eb094915d6df5e98cfcfb814d4644c61bdaa9f262ea4d122f65ee4dd5593f80da71a33afae0dd99ffb58922354d02c93b9b0b33babb200fa362a02d28abd08 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\libglesv2.dll
| MD5 | 7d5d312b252ddb2dfcd14132146f3359 |
| SHA1 | 6ba65df98e5a9f6cf013fd6403fca50b86f89371 |
| SHA256 | ecded17e60054f5e33733f3f4b829ccf727d04fefb8563b6cfe7c53cb396933e |
| SHA512 | aec271441ebb894cf0e7c24b1a8fc10d8063ccbdd8d9df66315ad56f23fe7d85345219d7a7c11b0358718aedd7aa9d19213c079e825d2d77eaebc4c1ee1851a1 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\libEGL.dll
| MD5 | bbe37c9eb1ee2a7e96281bf372196db7 |
| SHA1 | 310b101d5b2f01e5f4149d7ef87a3ee17fc06848 |
| SHA256 | 3a8957ce0c585ca6323e2082637a28123f68f973ca90c558973e8fb611ad2603 |
| SHA512 | 03bb707b25d8ff5e537bb2bffc777786f91e1a44af3447b1408a59c91515c143a563ae8dfb9fe6cf836fa16c708f9d33c64481dfa5ded23d66c1ab23aca9e5ff |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\libegl.dll
| MD5 | c306d8c8e20806187e7ff4eaf43ed902 |
| SHA1 | 490d441f7d42eb867d549c1773b5290a881c08c2 |
| SHA256 | 97193ec31e612d6a8dc09ea4498f2cf237a2a72bc1d36ba2a13a3cc5402d36b6 |
| SHA512 | 1a04f0a864b188c114b897534ad52fb387cbe296e2d9c12da5bad79377a6ca9d3ea44954c11668dbe2fb10a4c67e47d165b2255df758948e1069e8953e9ca3d6 |
C:\Users\Admin\AppData\Local\Temp\2YdD7Ltj84yNaFA8WFnubPX89uo\libGLESv2.dll
| MD5 | acff1259c05f448d4ec8b3d648e995d2 |
| SHA1 | 415a8e70fa99c4369f813e298e3e765e612489c4 |
| SHA256 | 576b73625a7982f8ee2f0cdff8c57a40c17c127b82f6830a70037adf34c59a97 |
| SHA512 | c4c0554e7e90caa9ee95e50ba831741b83bd98000fcc3a84af64b68cc8bf64d8369ebbf970221c21e5d1435a38d05c857046066a0731b50cc4c919ce96f081c5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\r2modman\IndexedDB\file__0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/996-262-0x000001F1EEA00000-0x000001F1EEA22000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zaokf4a2.5ch.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/996-267-0x00007FFB86590000-0x00007FFB87051000-memory.dmp
memory/996-268-0x000001F1EEEF0000-0x000001F1EEF00000-memory.dmp
memory/996-269-0x000001F1EEEF0000-0x000001F1EEF00000-memory.dmp
memory/996-270-0x000001F1EEEF0000-0x000001F1EEF00000-memory.dmp
memory/996-273-0x000001F1EEEA0000-0x000001F1EEEE8000-memory.dmp
memory/996-274-0x00007FFB86590000-0x00007FFB87051000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 6cf293cb4d80be23433eecf74ddb5503 |
| SHA1 | 24fe4752df102c2ef492954d6b046cb5512ad408 |
| SHA256 | b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8 |
| SHA512 | 0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e0ec6bf376a6b15852bce768196c5ed0 |
| SHA1 | 05fe4e592ebbb7e29f36b8d30a6a90ba29bd4f81 |
| SHA256 | 2d4a39cbbd597a7cfff477817c3c7c541c14974c8d234b4c0de6d229e3a3ce97 |
| SHA512 | dc0c7d3d127c88affea9ae402d7358c079cfa7fc3ecb417085e31dc749da1406e72563bfbe42167fdad57e10aa0c6cca7a8ba06921b3a1212ad7ccee1a0f859b |
memory/868-287-0x00007FFB86590000-0x00007FFB87051000-memory.dmp
memory/868-288-0x0000023B5EBC0000-0x0000023B5EBD0000-memory.dmp
memory/868-289-0x0000023B5EBC0000-0x0000023B5EBD0000-memory.dmp
memory/868-290-0x0000023B5EBC0000-0x0000023B5EBD0000-memory.dmp
memory/868-292-0x0000023B5EC00000-0x0000023B5EC48000-memory.dmp
memory/868-293-0x00007FFB86590000-0x00007FFB87051000-memory.dmp
C:\Users\Admin\AppData\Roaming\r2modman\TransportSecurity
| MD5 | 0cc126939ae272b8b5ddd11987f2f394 |
| SHA1 | 27ee04559f81f85119647f5a0f2021ef27c873e3 |
| SHA256 | 0e95243a9d809ae1690623f2e83db998cad369a5b316fd5702ce4cea26ab9307 |
| SHA512 | a4a9c5644001952b8a4424bb94c4605683ef94d976805806f99a34cae1f0541c8f996d0e47729f00969f1ee2805160bec9fad6368ad4f42096033de926ab12f8 |
C:\Users\Admin\AppData\Roaming\r2modman\TransportSecurity~RFe58a544.TMP
| MD5 | 769710b1d41c284f43d202699d92fe0a |
| SHA1 | c7edd782e3ec410c0a70075c29b0c1b7010ff023 |
| SHA256 | 7fa4612c18a743c353830520331448046263c7d80ad2d063cc000d803ba6e8b9 |
| SHA512 | 9c3d43806f024b7740f6cc1acddbb331ad40f36add3d1ce89515b0347c0ebad32043c2a720ed0c2221f0feae64099ff104cb1ca0e10cb1bbadb0c71a62b68deb |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100.zip
| MD5 | 45348d7f073bfe6e3463aaf91292f3e6 |
| SHA1 | b1bc07a1109543e74cb1a1d533b282c18610c494 |
| SHA256 | 0792b04ac18a70948acfaa2fa9005724809c14538a5a17b765fde2b626f6c710 |
| SHA512 | 58656b0497eef0c46b37429c0f8dbff61998bae48c302bac3968779406660950f672c7b1e7295a19587cbf6994576ce11855b54a940def39b1051341c8237bf1 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\mods.yml
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\0Harmony.dll
| MD5 | 4705aa1c7a9795d2787722bc8c419ae8 |
| SHA1 | aa1552cf0311f27ca02d34df0558a718d16fb660 |
| SHA256 | 1a21cc03424fc82c3dd1346905d16494536b9595ae4162228d99fb7c285c1031 |
| SHA512 | 2f2bb761d21d7288c2b373958a5eab228797d1a348147f8ff0ea603611c6d79e938a4ccf45f23ffc82500731a68bce8feafcd26a5264d79fd5d7435e6ba69b93 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\Mono.Cecil.Pdb.dll
| MD5 | 427e0464246b1e364c5a1a898db2ecf4 |
| SHA1 | dc968ab6e3f9202b5550efb04c0e17c1df04d7d7 |
| SHA256 | 174db44a067f58561510af746f3caeb032037762c57a31c8d9ee32db25174984 |
| SHA512 | 02ef1f9246e6117e6e958f019333720f07ff13feb5778b343e69d6e27e74e8ef1e6f122b486ce12b1e1eed546b17499ce906e8660babf281676bd8c6405f0dd6 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\MonoMod.Utils.dll
| MD5 | 96c7b1340105a3b86f3e8d19a844903a |
| SHA1 | bc258633aab1a2a1839dcc44eed944d865fd6038 |
| SHA256 | 9d1495f147ac93c4f81f84538c1a326e8f8a6aefc78d6289d798f3ce1162c5e9 |
| SHA512 | 36706eb655c995d81aa731c067912452a566ef5b752effdf212603aa0099e28de56588191acced82fb97aeae33df06f229d8cbed969c92cf9b8d439d04c223de |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\Mono.Cecil.Rocks.dll
| MD5 | 36a8284f264bdb2cb3420f5d2b8b10e0 |
| SHA1 | b842aa70ac6ff9cc3922189e971a62659299ef64 |
| SHA256 | 54ac539fb5ddc8b44c0e9acd0fcb7324f89d1a072edf8ebc1b06dd691e3d3927 |
| SHA512 | 3979601ce74b72e1519d020832e57e21b5269bda955878ad52e2d162d6de47fde4793fee9a163551f52081bc2dff90e197f030f8cb83128d07b8571073451e0d |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\HarmonyXInterop.dll
| MD5 | c969b761bc13e019523c01be8a04eed1 |
| SHA1 | b986e0add3fdbc92ef9edb9b019d69043bd92cd1 |
| SHA256 | 21222a7c25a2ddea5e53e9390a693c9b9858fc824b38f9cfe4a5049648c50b6d |
| SHA512 | 343ae988a183cee5dbd5ae1d89d5b86f9e01433aa134fd567557fe132c1515860c9024ef33704bd8c56e79a2f2f2c3865ac5f1f9ea9418277157ac964e394124 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\MonoMod.Utils.xml
| MD5 | b41ea71f1b1bd676092243d75450a2c2 |
| SHA1 | 6b6e986262e4dc5d00f5d99534bf99f4416fc101 |
| SHA256 | 0577b362023a3432d6e8d7934c5eddc3e08fdbb19e191af083e341562c5ede38 |
| SHA512 | c626e74c7f7e7b97d7961e10ea93e457fca2fdec34bcad52a8d7ff55dee783b6e6c0f8ebd72777d0d4394dbff24a900a22ce39ff569fbd6c5c376392e66e7516 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\winhttp.dll
| MD5 | f67ed749e83419d4086d6ad9b8428b35 |
| SHA1 | 805ea44fbc71842b321e56f7ab99914142d29d89 |
| SHA256 | cf9dd372ca0ddbe01153502c49f8f756197bb260001792fe766f6c0242dc7fc0 |
| SHA512 | c638647478e0093e7b845857c0288f8b33a1b7b15ed18f51259bfd37897c4b29a1d386203bfde6f0d9da09ba33259b8e58e06eff2c44e5c22d0e6a454536556a |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\Mono.Cecil.Mdb.dll
| MD5 | 5a8b48fcf5e445095799e2c9149ff932 |
| SHA1 | d4c514fbac7a30ddee7d0f597c3eae23a32ccedc |
| SHA256 | 5896d1898f616701fff18f3b2c71e6b844d2390ef9f41e1c5fccce8cb27c698e |
| SHA512 | b99b02f296e5c817b8f984317e67c885099a3cc1198ee1808a0033b48ef60d27866719f0986d7f9a1ad547939bf6dc1886e858b9db7ba4375013b96db31957b6 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\MonoMod.RuntimeDetour.xml
| MD5 | 7cdc7f0ea1d474acc68c86edfb4d9960 |
| SHA1 | 74c7991a02780205114bbf93dd84db0b4ce22407 |
| SHA256 | 54887808960d156550b37d602d08847607aa9e908d039f2765fb0b5e79394aa4 |
| SHA512 | 9fb3ec507ece16f2ee03edc1806704eba517605d8e35e7622f868541cbce632aaa44c805c37ca47214d1bfb83571212222e85f9951181728c82318a2f0f644fc |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\MonoMod.RuntimeDetour.dll
| MD5 | 04e1988b3ea65408d4c4c29e34bcdeb1 |
| SHA1 | 9c599b3c60f92bd3663042dc0781be78e2ff0882 |
| SHA256 | 40e49bb314391cd7bddc2644f8553eeba92c194b940836b103df16955c464e0c |
| SHA512 | 93fd6df274132691a47e00c84e69c84620de7967434c2164deeb7b605038233be7d29d0acb2dc6dce5bbb4b13225094a61f12458be094ac9b2ec27edc6a524a0 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.xml
| MD5 | 69bd3d124414a6b280a05dc6bac7ed0e |
| SHA1 | 39a4381749043b4de68aec01727febd29a3643a4 |
| SHA256 | d80b36463462052c5461d5b28ef3aae6d39fdbb6ba67cebd37d4324f2563414c |
| SHA512 | ce54e96065e16a0b58a54ee0eda6864692e3c2c878d38882cfb17804a077cbeda4a0fc02ded8c6155adbd2e8861a2059e66587cad64b16378aa505fd23950a5d |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\Mono.Cecil.dll
| MD5 | a28cb50d2b45f2a66f1f229d8a5761a3 |
| SHA1 | 37fd57e6d452d3d990b98d6bdbb8b1f395139551 |
| SHA256 | d853cef01a5d3e0f33f3ad4bf8959c27234fa5d1b4113956fe8d7d0aab47d10d |
| SHA512 | b57db7205b24324b8e15d7b04a0a55cf786ccc92e057e6045d017e859c8998e523622172e45795fc9339add13d15f7f2bad828b185a2b80a4ea59538ea903209 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.Harmony.dll
| MD5 | dbda2a5dce19f10b1d28e4c9f6132f33 |
| SHA1 | 28cdb90e0ff909e125c97a1a16ab567387548395 |
| SHA256 | d0739c4a13f369094cb164c205ee4cca5392bdd7241b9f242ee13f0d4c0b1856 |
| SHA512 | 515b30fa0479c8fdd9d5dfdbe7e4fd407ecf31d8885caf2a5d76ed02beafe2c4090aba94533cc844e7a04c552a642cd8e38623fdf91a8f7d3a0e06544ce10aa1 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\0Harmony.xml
| MD5 | e6363c10ec87b6ffbe44ac84036ee93d |
| SHA1 | d7083c94cb5cd4753cffa6e0510f4f70ed29498f |
| SHA256 | d1f02fc3ada3a13da307de421225bfe56ebe24064370980979391c4be021672f |
| SHA512 | b50eee9602fe0b92a3a36ee33be51ef46d889b106b31d102748be3f9d0de3e457534a1f5407b7045cae937e1739004a33a07ac7b6298f7402994f2ec77fd972b |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.Preloader.xml
| MD5 | acb09a446c6e7a218b8b1cd6385d7f3b |
| SHA1 | eac34c290838bd5e7c38eb80b7c9a4074834085f |
| SHA256 | f62d6a5daeee5452b037b8ed46b4051a5dd38aeb6edd2d116be15e222b28c615 |
| SHA512 | f11d99fc6fd18a8e9ebd1721349898cb2670248ead4418fb353a491d0c060b2f247c254ec2cf5bb453acded7ce499189009dea6542baae6f56d1eefb175bc1da |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\0Harmony20.dll
| MD5 | b7116e8c024f51fe4bf5e425f0f495e3 |
| SHA1 | f44249b08cb7825e170938a462d8d84128430365 |
| SHA256 | 4b2fa06106044896e84d0a739a646333d98a34fa2c61c4d1eefc0bf96f964211 |
| SHA512 | ca702eb764aeacfa8891b9b8565332c11091430946e4ee3a0de92dc804a0b7faefc6164a415ab4fd65b763de702012d64203bc704b34bc9ef9a56114e6f16080 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.Preloader.dll
| MD5 | 80bb4e3e3b0ab831bc70be1f77644c2b |
| SHA1 | b0050dc0d9ade04c090ba85c3d07e4202ad0f75a |
| SHA256 | 9678c74f47353a11afde4ab05887388bcbb69dffc4e28db93af1d1ce0b6ee635 |
| SHA512 | 82abebc21148c080458e023add328a7f967f69326fcf7938f2064aabca5532ef23c0d0ca5e4da99d8af6bded7d61a09035680c4da554d12f49b871c0c1a5a429 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.Harmony.xml
| MD5 | a9ed47b1f141a3c4e36fa02a47e99b5a |
| SHA1 | 8c312db6f4730cfd0a94065c49407de6a98d0427 |
| SHA256 | a04fedf08f7c81f5d01aba6f2840a7ffce50b79bbd24587d8dbe69ab73971d29 |
| SHA512 | 0a2265559cacb02c603d9018cee487a12d1623c29af5b0993333c98c0e47633d980c88d4893e8ece697229e3638309c7557b4a5181258d9fda70ef532adc0ba8 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\core\BepInEx.dll
| MD5 | 2572c62735efb9061a097c371c926921 |
| SHA1 | 576426e0477f156712348bf66db1b540d7640f98 |
| SHA256 | 475f794330ff7da4e70f892694498cf516d41eb9b064faa5797e09a1dd546b33 |
| SHA512 | 52017d3591e70bf913a2366bffe12a458deb213e24b3b2ad791cda1aff5e363f46a9dc39c983c6fffa3cfc567872fe98adc3a997a43e601566e2fb521834fefa |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\BepInExPack\BepInEx\config\BepInEx.cfg
| MD5 | 1470f1b227ce82ba7e9abe4abc8ffefb |
| SHA1 | b711435396a9ffc1619ddf76004837e7d49cabb8 |
| SHA256 | 7c594bee79a4c41c5a4c9430036d2570f4b8cc6816e6e4a3e505880e70721202 |
| SHA512 | 45c783ac090101a1398e524c3434c624c873191cd041d64f2461b1a6572c1d1de30f4236d4bf1434ade9ffa5fb0e154e61a432e1e36bb982634e85d83e7bfbb3 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\doorstop_config.ini
| MD5 | fb293e081268ab7c632594de395c766f |
| SHA1 | 5941e92129effbcd82cca47da5400e7d24694014 |
| SHA256 | 2255e7640434fdfccbfeb123a5f4fccb05032481b39c2ba822e905ccba58d20e |
| SHA512 | 77946456dd05e087f9cc179cf404e9e3d392c317d4b7dc651ebb0d3fac02851ccbab59ba0d3e742f9ecbd4e9ba1fdde1542bf8bea7e6ac58876a844817b0f592 |
C:\Users\Admin\AppData\Roaming\r2modman\Network Persistent State
| MD5 | 78bfcecb05ed1904edce3b60cb5c7e62 |
| SHA1 | bf77a7461de9d41d12aa88fba056ba758793d9ce |
| SHA256 | c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572 |
| SHA512 | 2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73 |
C:\Users\Admin\AppData\Roaming\r2modman\Network Persistent State~RFe58c6a6.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\r2modman\TransportSecurity
| MD5 | c2d30d126e70656452b6eb19677de25a |
| SHA1 | 19810a299ad4dd9b03b7aea813eccbe47130cbda |
| SHA256 | ed0805b6183a2f593cc8e242d09e118227615da7194a891aa8421e13569c67f7 |
| SHA512 | 8212bdb345d1c48181cc5bc9e6680b65c1421c6583401f01bb0c6f7efd5263c62ce143c49ea3c14c3d1ff2bc719083ef18e606817927f60ccdf1675a563106e6 |
C:\Users\Admin\AppData\Roaming\r2modman\Cache\f_000092
| MD5 | 60d572b554ba257f08baa861c471f8ee |
| SHA1 | 4bd63169830fb737f0165a6ab4d118a317349eb5 |
| SHA256 | 466a77bfea0644bcbc075dc16e0c43f6b86e9d8e6cbca664e70c832b13c8ac1e |
| SHA512 | 2528ea57d39f552bf0c34049b48684107bf8c78cd77ddeedabbf09783a7fb839bc0e195cfea49049a06bfa862806d531c9120a8a04cb72ca06dd2b751b947aaf |
C:\Users\Admin\AppData\Roaming\r2modman\Cache\f_00009e
| MD5 | 8ab2b5f677b1f30133686b5201e0b3fc |
| SHA1 | 0fee5374f99a1e48a173923e44b568c19b930d09 |
| SHA256 | dd2f25503c9e2c57290a8c1ee28783b46a6f49bf06a36ce765135abd45a5bd37 |
| SHA512 | f464f147a663911b4b08b1fdbfaabfd5ac14eb6c56926ae7e8fd181f62cce5e9a1659d35b3d1c5096fd7bc8ed01dfa8e419f347f789965177e30bccd3fffbdff |
C:\Users\Admin\AppData\Roaming\r2modman\Cache\f_0000e5
| MD5 | 739e3a30de75335ee71bb289a9516b7c |
| SHA1 | 7169bf4c7f73f98c8df8aaf708ed0433a760dd4b |
| SHA256 | 605a2a77bf5d8dc43726ce5e38d554e3f692f40be1ef85923fd1b6ba438b2bfd |
| SHA512 | fc16d3cb9085991867961285de6f5c81084e2331b2b7b6c4e3e19fea15c206f6754ec8e34600529595a93368725f8b05501c4b60d09baf825819bc4dc4b579d8 |
C:\Users\Admin\AppData\Roaming\r2modman\Cache\f_00010b
| MD5 | 2156aa6ddc5b65eb99fb769180b8a65f |
| SHA1 | 0b59146806158fd0e6f9f0a3cd075ff807f53fd4 |
| SHA256 | b8970e405b11fc740370914fa16de8a4929baf803e862a7922ca678807a15c3c |
| SHA512 | 1c83dc08caeecf6ad3f7b7c9fa90412b63a20538cc4be6a83cf9442bc668fef667e29125e9179d0d8ae04f248e3dda41c075036117ffa0eed3d7fae7b4343566 |
C:\Users\Admin\AppData\Roaming\r2modman\TransportSecurity
| MD5 | 91e49fe53bfc6f4c36e74f273674b809 |
| SHA1 | 6af4c60ffdc058f82a6b35a4b9cf88eaf6b3ae4d |
| SHA256 | 749ab317ba16e5400fae542d42ecee3e66184ff25cc985b2ca59d5af1d28903f |
| SHA512 | 9bdca384b9f1a32fe1a42b3ce2c91294a7b2a2d695d1117f6bb0604396f938cf60186167dc178a17b77f07ca45c1cfb3dfe5101a521a07df15ef6bacbc6b9d68 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\mods.yml
| MD5 | c32dffb0e2240e2ce893fc697f092b52 |
| SHA1 | 9bee96a5e9c15adc2ff0bbef3f483f337bc95809 |
| SHA256 | 928f32bfac74c9bbaf3f7684fbfd2c228d29332f42e56e602737b086bffc1f72 |
| SHA512 | 5808ff7c362ca26070508b7aeb6c0d5c971e9be086257ce4262d0069dfb0cb2a934e0b9fdd4750386ed3b6812ff9136227bb0c7fdeabcbe29531f7e28608532e |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\AllToasters-SpectateEnemies\1.4.0.zip
| MD5 | e8007e7b7e0d321f18a1f24e80414fbc |
| SHA1 | 1e2adcc366cf1d25546dd8d902cc4764837ccfd1 |
| SHA256 | 6f75984a62f5cd36a633ad67266c76e4de920573f86582f580be9e32a55fb5c6 |
| SHA512 | a8e5d5832bf07f0efcf8f2db89c186fa8a675bb0d4421f037267d6bfaf15fa4c0efff2706e791db9f8317e2174bda927cdf474d030120bb507f2ebe685582b1d |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\AllToasters-SpectateEnemies\1.4.0\icon.png
| MD5 | d15e41ffd30d317413610fca4a3c09fc |
| SHA1 | 5e918be49ef784c8b24dcd67cd24d14ecac3d820 |
| SHA256 | dc0d0228ed4baa1e067e5b36f5d770df3693c90430a11efe7dfaef7460a00872 |
| SHA512 | cdda971a911eb4144607d5cc1131f5bc72ce785a84b10100ba50987c8ca143e78d6fba4bc0c1116cda77275ad144644f6739dbc281729caceae896aac581fbfd |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\BepInEx\plugins\AllToasters-SpectateEnemies\SpectateEnemy.dll
| MD5 | e7d02233a1066fab7edb60efaf93298f |
| SHA1 | 597549b57cd02eb2d73e9d00645c0db6244ca17b |
| SHA256 | f1179d4ab44eb1432eb47a788f77ffd15d723e8989c452fb28a7e20b5be845c2 |
| SHA512 | 7bcfa84c7f1ffd011ed1b8cfcb0efd9a81cb0fc205f973c4e9119bdff06514cfdd19395042344a44380feef8d867378c8d912daf3cf92809f31fab69307ddc86 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\BepInEx\plugins\AllToasters-SpectateEnemies\README.md
| MD5 | 920721623fa40dafaf54bc886d28c034 |
| SHA1 | 38877d649b3e6abf53bf594ea02f428ffd6d8015 |
| SHA256 | b5b2c6e076b68034baecfde1e6e13e604ab4b1edea4038bcfaab98749e68e154 |
| SHA512 | 071f0cfb1fa047777a0d00e8183f491899abf4c644a8a81fe9edf3bb17f5fc5d3d06f3714623b3ee0cccafbe5feaefa979e3d33de9e0eef6d574b4a99db03ca8 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\BepInEx\plugins\AllToasters-SpectateEnemies\manifest.json
| MD5 | 2eedbd1d86ff493d0061ad9e6a75d561 |
| SHA1 | b1c6e5c0bca61a0a1b7a371d617a973e6839109f |
| SHA256 | 99f1e58a2933668c16422e6a1779d0964cd0fdc016b9dbc135d1e900168cfb88 |
| SHA512 | bf30b4e0a76fe761b39d33a83e63c8da3cc650f045bcccfdaa36aeac6d0833426b31a8cc8143fc32e09073542884049746ac4ebc94c0901d36b79003b25c066f |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\profiles\Default\BepInEx\plugins\AllToasters-SpectateEnemies\CHANGELOG.md
| MD5 | b87e09611871da70514b12d0cb7f39ec |
| SHA1 | e52a8c6e0e4dd5200eb7695442526dda099ca884 |
| SHA256 | aeb119449e0d191c830a4a5518f35f0c8744e323c197333534d18896192c1817 |
| SHA512 | 5fca1267bbd850377944702d8e88bd63d2d087147fdd0cbe9df9745d114304187ea0fa4dd3d68a22cc17b96b7b1dbc3e33d6b75b1f267d0190eda5fc43173b80 |
C:\Users\Admin\AppData\Roaming\r2modmanPlus-local\LethalCompany\cache\BepInEx-BepInExPack\5.4.2100\icon.png
| MD5 | 6a2afdf6f0910b9e3f8b9f2b8d15d7dc |
| SHA1 | 05872c042a355492ebbce08b77665e7e7011257a |
| SHA256 | d674921f6262ccfb403c414f31f1e147110da04446674cc985fe4e5cff1b14d6 |
| SHA512 | 5dd7693f28cd5976f6a68bdad6c9c1c7f749708998e9eb77f4ec64b03e1eeb709849d377b5ccd6af08dc3552984369593c698beda5be61b5fa5a6d4f97c6b096 |
C:\Users\Admin\AppData\Roaming\r2modman\TransportSecurity
| MD5 | a657745c616949567631ed1f5c58b9f0 |
| SHA1 | ae530575221a91fedd3d208da85325c50ee1c222 |
| SHA256 | f82fa2661cbfdc068f1d68e84691b50953601208baa5abbf47ffdd3c0c1bd88a |
| SHA512 | da461644b539c7b8aa04b4e7046066a75557c93752118bc5a73c873a813333c75ef4f8d68f9eb9df949ccf976c916c84c747a37a2b25723f3bd620aebece8250 |
memory/4132-1287-0x0000020835670000-0x0000020835680000-memory.dmp
memory/4132-1286-0x0000020835670000-0x0000020835680000-memory.dmp
memory/4132-1298-0x0000020835670000-0x0000020835680000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 567d7fef99fd45b4def9fa7b093384e2 |
| SHA1 | e6a0a4657276cca5142193ad980e34d1ed382f41 |
| SHA256 | 7ec7b5f3f860f6b4a326dcc883a2bd3f57bac0a5774418b48e3ef54c2cd2893c |
| SHA512 | f45b7876ae0e3eac9dee187f2b901da361caf20e2aebc545408a95f6926a2b3a13233392d085487a76e6972784877637576bf8f9b644c0d59cea02f9177aa711 |
memory/4132-1285-0x00007FFB86700000-0x00007FFB871C1000-memory.dmp
memory/4132-1300-0x00007FFB86700000-0x00007FFB871C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\r2modman\Network Persistent State
| MD5 | 5e82724e92c280dc55c39b6ace1d246e |
| SHA1 | 478738ac7649a8e39164dffb94ec52b1c48fa9e1 |
| SHA256 | 006c67b039636b048568012a8c77aa34a8c580399a9e2a24b0e90f3d02c2a2cd |
| SHA512 | 5a9fcfde90b27efdfe5874accb36fe5844a7ddf9c427eda8e4aebcedef1c3693cdfcdf495b26d243a7b910791e043da781ce5d80083869ae9106c330f49da291 |